
Polymarket Confirms Hack via Third-Party Vendor; Affected Users Promised Full Refunds


Crypto prediction platform Polymarket confirmed that hackers stole user funds after compromising a third-party vendor, which was used to inject malicious code into the platform's website. Spokesperson Connor Brandi told TechCrunch that the vendor breach directly resulted in theft, though the company declined to disclose the total amount stolen, the vendor's identity, or the precise attack mechanism. Blockchain security firm PeckShield independently flagged suspicious on-chain activity around the same time Polymarket made its public announcement. The attack is classified as a supply chain breach, meaning Polymarket's own smart contracts were not compromised — the vulnerability existed in the conventional web infrastructure surrounding them. The platform says it has contained the incident and is contacting affected users directly with commitments to issue full refunds.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.


Related stories

Programming · DEV Community

Developer uses Claude Code's Stop hook to play a sound alert when AI tasks finish

A developer building jo4.io discovered that Claude Code would silently wait for input after completing tasks, causing long idle periods when attention drifted elsewhere. To fix this, they configured Claude Code's built-in Stop hook in ~/.claude/settings.json to trigger the macOS 'Funk' system sound whenever Claude finishes responding or needs user input. The one-line shell command uses macOS's native afplay utility, requiring no third-party tools or complex setup. The developer reports the change roughly halved their task turnaround time by eliminating the habit of forgetting to check the terminal. The approach can be extended to play different sounds based on task outcome, and equivalent commands exist for Linux and Windows WSL users.

Programming · DEV Community

Developer releases browser-only favicon generator with no dependencies or uploads

A developer has built a single-file, client-side favicon generator that converts text, emoji, or SVG code into PNG and ICO files entirely within the browser. The tool supports output sizes ranging from 16×16 to 180×180 pixels and packages a multi-size ICO binary without relying on any external JavaScript libraries. Features include live previews, color pickers with auto-contrast based on WCAG 2.1 luminance, a border-radius slider, font options, and one-click presets for popular language logos. No files are uploaded to a server and no user tracking is involved, making it a privacy-friendly alternative to existing favicon tools. The project includes 136 tests and is freely accessible online as a standalone HTML file.

Programming · DEV Community

New CLI tool mcp-audit exposes security flaws in MCP server configurations

A developer building MCP server integrations for Claude and Cursor discovered serious security gaps after running a self-built auditing tool called mcp-audit on their own setup, which scored 0 out of 100. The tool flagged issues including a remote server with no authentication, a plaintext GitHub token stored in a config file, unpinned auto-updating executables, and an overly broad filesystem access scope. A 2026 analysis of roughly 7,000 public MCP servers found that 41% require no authentication and 36.7% are vulnerable to SSRF attacks, highlighting how widespread these risks are. The tool also revealed that running multiple MCP servers can silently consume 50,000 to 75,000 context tokens per request, increasing costs and latency before a user types a single prompt. mcp-audit is a free, open-source, zero-dependency CLI that runs entirely locally and supports config files from Claude Desktop, Cursor, VS Code, and other clients.

Programming · DEV Community

How to Build a Production MLOps Pipeline on Azure Databricks with Spark and MLflow

A technical tutorial published on DEV Community outlines how to construct a production-grade feature engineering pipeline using Azure Databricks for large-scale machine learning workloads. The guide leverages Apache Spark for distributed data transformation, Delta Lake for versioned and ACID-compliant feature storage, and MLflow for tracking pipeline runs and model experiments. The architecture follows the Medallion pattern, organizing data across Bronze, Silver, and Gold layers that progressively clean and enrich raw data before model training. A customer churn prediction system serves as the primary use case, though the author notes the patterns are broadly applicable to any ML feature pipeline. Code examples demonstrate append-only Bronze ingestion, Silver-layer deduplication and schema enforcement, and Gold-layer feature aggregation using PySpark and Delta Lake merge operations.
